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IN THE CLAIMS: 

The following listing of claims will replace all prior listings of claims in the application: 

1 . (Currently Amended): A method for network protocol filtering of a packe t using an 
address resolution table that is cross-linked with a state table indexed with an address 
resolution table index (ART index), the packet having a Media Access Control (MAC) 
destination address , the method comprising: 

determining a packet type for the packet; 

obtaining packet information for the packet including the MAC destination 
address : 

dotorm i ning wh e th e r the pack e t information is in a tab lo ; 
determining that the MAC destination address is included in the address 
resolution table: 

respons i ve to tho packet information b e ing in the tab l o, obta i ning an i ndox from 
th e tab le ; and 

obtaining the ART index associated with the MAC destination based on the 
address resolution table wherein the ART index obtained is an index into the state table 
for locating an entry in the state table; and 

stor i ng tho indox i n a data structure in assoc i ation w i th th e pack e t 
storing the obtained ART index and the packet information in a data structure 
associated with the state table . 

2. (Currently Amended): The method, according to claim 1 , further comprising: 

determining whether the packet is for a new connection; and 
responsive to the packet not being for the new connection, the determining 
whether the packet information is in the address resolution table. 

3. (Original): The method, according to claim 2, wherein the packet type is a 
Transmission Control Protocol type. 

Page 2 

840344 1 



PATENT 

Atty. Dkt. No. NVDA/P000802 

4. (Original): The method, according to claim 1, wherein the packet type is a User 
Datagram Protocol type. 

5. (Original): The method, according to claim 1, wherein the packet information is a five- 
tuple including source and destination addresses, source and destination ports, and a 
packet type identifier. 

6. (Original): The method, according to claim 1, wherein the packet type is a Generic 
Routing Encapsulation type. 

7. (Original): The method, according to claim 6, wherein the packet information is a five- 
tuple including source and destination addresses, an apportioned Generic Routing 
Encapsulation identifier, and a packet type identifier. 

8. (Original): The method, according to claim 1, wherein the packet type is an Internet 
Protocol Security type. 

9. (Original): The method, according to claim 8, wherein the packet information is a five- 
tuple including source and destination addresses, an apportioned security parameter 
string, and a packet type identifier. 

10. -13. (Cancelled) 

14. (Currently Amended): A method for inbound network address translation packet 
filtering using an address resolution table that is cross-linked with a state table indexed 
with an address resolution table index (ART index), the packet having a Media Access 
Control (MAC) destination address , the method comprising: 
obtaining a packet; 

determining whether type of the packet is one of a Transmission Control 
Protocol, a User Datagram Protocol, a Generic Routing Encapsulation, an Internet 
Protocol Security and an Internet Control Message Protocol type; 

if the type is the Transmission Control Protocol type, determining if the packet is 
an initial packet for a connection; 
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if the type is the Transmission Control Protocol type and the packet is for an 
existing connection or if the type is one of the User Datagram Protocol type, the Generic 
Routing Encapsulation type and the Internet Protocol Security type, 

obtaining packet information from the packe t including the MAC 
destination address ; 

d e t e rm i n i ng wh e th e r th e pack e t i nformation i s in a f i rst tab le ; 
determining that the MAC destination address is included in the address 
resolution table: 

r e spons i v e to th e pack e t information b ei ng i n th e first table, obtaining a 
first indox from th o f i rst tab l o, tho first ind e x for a s e cond tab l e; 

stor i ng th e f i rst ind e x in a data structur e assoc i at e d w i th th e pack e t; 

obtain i ng a s e cond i nd e x from th e s e cond tab le r e spons i v e to th e f i rst 
i nd e x; and 

stor i ng th e second i ndex i n tho data structure; 
if th e typ e is th e Int e rn e t Contro l M e ssag e Protoco l type, det e rm i n i ng wh e ther th o 
I nt e rnet Contro l Messag e Protoco l typ e i s on a l ist of Int e rn e t Contro l M e ssag e Protoco l 
typesi 

obta i ning a third ind e x from ono of the f i rst tablo and tho second tab le , the third 
ind e x to a th i rd tabl e ; and 

stor i ng th e th i rd i nd e x i n th e data structur e 

obtaining the ART index associated with the MAC destination address based on 
the address resolution table, wherein the ART index obtained is an index into the state 
table for locating an entry in the state table; and 

storing the obtained ART index and the product information in the data structure 
associated with the state table . 

15.-18. (Cancelled) 

1 9. (Currently Amended): The method, according to claim [[1 8]] 14, further comprising: 
checking validity of layers of the packet; 
checking Internet Protocol options for the packet; and 
determining whether the packet is a fragment. 
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20. - 26. (Cancelled) 

27. (Currently Amended): The method, according to claim [[26]] 14, wherein the data 
structure is for a plurality of canonical frame headers. 

28. (Cancelled) 

29. (Currently Amended): The method, according to claim [[28]] 14. wherein the 
s e cond state table is a connection table. 

30. (Cancelled) 

31. (Currently Amended): A method for outbound packet filtering using an address 
resolution table that is cross-linked with a state table indexed with an address resolution 
table index (ART index), the packet having a Media Access Control (MAC) destination 
address , the method comprising: 

obtaining a packet; 

determining whether an incoming interface for the packet is running network 
address translation; 

if the incoming interface is running the network address translation, 

obtaining a first index from a data structure associated with the packet; 

and 

obtaining packet information in a first table using the first index; 
determining whether type of the packet is one of a Transmission Control 
Protocol, a User Datagram Protocol, a Generic Routing Encapsulation, an Internet 
Protocol Security and an Internet Control Message Protocol type; 

if the type is the Transmission Control Protocol type, determining if the packet is 
an initial packet for a connection; 

if the type is the Transmission Control Protocol type and the packet is for an 
existing connection or if the type is the User Datagram Protocol type, 

obtaining the packet information from the packet including the MAC 
destination address,IT ;11 

d e termin i ng whothor tho pack e t information is in a second tablo; 
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r e sponsiv e to th e pack e t information b e ing i n th e s e cond tab le , obta i n i ng a 
s e cond ind e x from th e s e cond tabl e ; 

stor i ng th e s e cond i nd e x i n th e data structur e ; 

ch e cking wh e th e r th e pack e t is th e Transm i ss i on Control Protoco l typ e ; 

determing that the MAC destination address is included in the address 
resolution table. 

r e sponsiv e to th e pack e t be i ng th e Transm i ssion Control Protocol typ e , 
chocking for a Transm i ss i on Contro l Protocol state e rror of tho packet; 
if th e typ e i s th e Gen e ric Routing Encapsu l at i on type or th e Int e rn e t Protocol 
S e cur i ty typ e , 

obtain i ng pack e t informat i on from th e pack e t; 
d e t e rm i ning whether th e packet informat i on i s i n th o s e cond tab l o; 
r e sponsiv e to th e pack e t i nformation b e ing i n th e s e cond tab le , obtain i ng 
tho second i nd e x from tho second tab l o; and 

storing th e s e cond ind e x in th e data structur e ; 

obtaining the ART index associated with the MAC destination address 
based on the address resolution table, wherein the ART index obtained is an index into 
the state table for locating an entry in the state table, and 

storing the obtained ART index and the packet information in a data 
structure associated with the state table; 

if the type is the Internet Control Message Protocol type, determining whether the 
Internet Control Message Protocol type is on a list of Internet Control Message Protocol 
types; 

if the type is not the Internet Control Message Protocol type, 

determining if the outgoing interface is running the network address 
translation; 

responsive to the outgoing interface running the network address 
translation, 

obtaining the second index from the data structure; and 
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obtaining the packet information from the first table using the 
second index. 

32. - 35. (Cancelled) 

36. (Original): The method, according to claim 31, wherein the packet information 
is a five-tuple including source and destination addresses, source and destination ports, 
and a packet type identifier. 

37. (Original): The method, according to claim 31, wherein the packet type is a 
Generic Routing Encapsulation type. 

38. (Original): The method, according to claim 37, wherein the packet information 
is a five-tuple including source and destination addresses, an apportioned Generic 
Routing Encapsulation identifier, and a packet type identifier. 

39. (Original): The method, according to claim 31, wherein the packet type is an 
Internet Protocol Security type. 

40. (Original): The method, according to claim 39, wherein the packet information 
is a five-tuple including source and destination addresses, an apportioned security 
parameter string, and a packet type identifier. 

41 . (Original): The method, according to claim 31 , further comprising: 

checking validity of layers of the packet; 

checking Internet Protocol options for the packet; and 

determining whether the packet is a fragment. 

42. -51. (Cancelled) 

52. (Currently Amended): The method, according to claim [[51]] 31, wherein the data 
structure is for a plurality of canonical frame headers. 

53. - 66. (Cancelled) 

Page 7 

840344 1 



